The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Sunday, May 09, 2004

Word to the wise

Word to the wise: Requesting a password reminder is not hacking an account.

I normally try to avoid online drama, but events between two people whom I read got pretty much out of hand, and while I avoided leaving any comments on their respective websites, one point is still gnawing at me. So I'll comment here, on neutral ground (and I know both of them will read this) and (probably against my better judgement, but that's never stopped me before) give my two bits worth.

A bit of the backstory: Alice and Bob (obviously not their real names) were an item (albeit a long distance item) and during the time they were together, Alice helped Bob register a few domains, and set up one or two web-based communities. Life happened, and several moons ago Alice and Bob broke up. But contact and billing information for the domain hosting and community sites were not updated. Or updated correctly. Or something to that effect.

This brings us up to Friday.

Alice notices that she's still listed as a moderator on the community site run by Bob. Curiosity getting the better of her (and I suspect, a desire to fix the problem right then and there and remove her information), she requested a password reminder.

Which Bob was notified of:

Word to the wise: When you request a password reminder on XXXXXXXXXXX, it goes to the e-mail address on record for that account. So the person associated with that e-mail address now knows that you tried to hack [the] account.

Okay. Do you really think I'd be stupid enough to fail to change the e-mail address and password on a community I now moderate?

How stupid does that make you? *laugh*

It was that comment that struck me badly.

Yes, accessing a computer you are not allowed to access is a Federal offense (not that I totally agree with it, but that's the law as it is currently). But note that in order for it to be a Federal offense, one has to actually access the computer in question. Attempting to gain access? That's a different question. And attempting to gain access to a computer that at one point you had access to? That might not even be a Federal offense.

Case in point. My account at FAU lasted way past my last days there. For all I know, I may still have an account there. Let's see …

[spc]linus:~>ssh spconner@XXXXXXXXXXX.fau.edu
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied, please try again.
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied, please try again.
spconner@XXXXXXXXXXX.fau.edu's password: 
Permission denied (publickey,password,keyboard-interactive).
[spc]linus:~>

Hhmmm … guess I no longer have access there, but I know that this will show up in the logs; something like:

May  9 23:25:11 XXXXXXX sshd[22328]: Failed password for spconner from 10.0.0.2 port 36180 ssh2

But will FAU (or the department this machine was in) do anything about it?

I doubt it. It's a one time thing. Now, had I tried multiple times, say, five, ten, a hundred times, then yes, that would definitely be a hacking attempt. Once? Just seeing if the access is still there.

Other examples of hacking?

May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=26379 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=26381 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=26383 F=0x4000 T=107
May  9 13:48:25 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=26384 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1348 69.167.102.16:6129 L=48 S=0x00 I=30400 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1347 69.167.102.16:3127 L=48 S=0x00 I=30401 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1345 69.167.102.16:1025 L=48 S=0x00 I=30403 F=0x4000 T=107
May  9 13:48:34 janet kernel: IP fw-in rej eth1 TCP 69.70.115.31:1343 69.167.102.16:2745 L=48 S=0x00 I=30405 F=0x4000 T=107

Someone trying to get into my home network. Well, rather, multiple someones. 51 different sources for 166 attempts (18 from one IP address alone).

And that's just today.

That's a hack attempt.

Requesting a password be emailed?

I'm sorry, that is not a hack attempt.
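The distinction drawn above, a single failed login versus repeated probes from one source, can be tallied straight from logs in the two formats quoted. The following is an added example, not the author's code: the sample lines and addresses are constructed, the `summarize` and `fw_line` names are hypothetical, and the threshold of five is an assumption taken from the post's "five, ten, a hundred times".

```python
import re
from collections import defaultdict

# Patterns follow the two log formats quoted in the post.
FW_REJ = re.compile(r"IP fw-in rej \S+ \S+ (?P<src>[\d.]+):(?P<sport>\d+) "
                    r"(?P<dst>[\d.]+):(?P<dport>\d+)")
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?"
                      r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+")

def summarize(lines, threshold=5):
    """Per source address: raw lines, distinct attempts, distinct targets."""
    raw = defaultdict(int)
    attempts = defaultdict(set)
    targets = defaultdict(set)
    for line in lines:
        fw, ssh = FW_REJ.search(line), SSH_FAIL.search(line)
        if fw:
            src = fw["src"]
            raw[src] += 1
            # A retransmitted SYN repeats the same ports; count it once.
            attempts[src].add((fw["sport"], fw["dst"], fw["dport"]))
            targets[src].add("port " + fw["dport"])
        elif ssh:
            src = ssh["src"]
            raw[src] += 1
            # Every failed password is its own attempt, even on one connection.
            attempts[src].add(("ssh", raw[src]))
            targets[src].add("user " + ssh["user"])
    return {src: {"lines": raw[src],
                  "attempts": len(attempts[src]),
                  "targets": sorted(targets[src]),
                  # Assumed cut-off: fewer than `threshold` tries is a one-off.
                  "repeated": len(attempts[src]) >= threshold}
            for src in raw}

def fw_line(sec, sport, dport):  # builds one constructed firewall log line
    return (f"May  9 13:48:{sec} gw kernel: IP fw-in rej eth1 TCP "
            f"198.51.100.7:{sport} 192.0.2.1:{dport} L=48 S=0x00 I=1 F=0x4000 T=107")

PROBES = [(1343, 2745), (1345, 1025), (1347, 3127), (1348, 6129), (1350, 3128)]
SAMPLE = (  # constructed sample input, documentation addresses only
    ["May  9 23:25:11 gw sshd[22328]: Failed password for alice from 203.0.113.9 port 36180 ssh2",
     "May  9 23:40:02 gw sshd[22411]: Failed password for invalid user admin from 203.0.113.9 port 36200 ssh2"]
    + [fw_line(25, s, d) for s, d in PROBES]
    + [fw_line(34, s, d) for s, d in PROBES[:4]]  # retransmits nine seconds later
)

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

Collapsing retransmits matters when reading the firewall excerpt: the second batch of lines there repeats the same source and destination ports as the first, so the raw line count overstates the number of distinct connection attempts.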

I suppose Bob's comment hit me rather hard since I've been on the receiving end of hacking attempts multiple times (and still am, as you can see above). After a while, it simply becomes noise and the only hack attempts that are worth consideration are those that actually break in and do damage.

I'm not trying to slight Bob here—after all, I doubt Bob has much experience with being hacked, but I do think that the schadenfreude is misplaced in this instance. Alice did not attempt a hack, nor is she stupid:

With regard to [the] allegation, I have this to say: Yes, I triggered the password retrieval function of the community. Here's why—

The userinfo page on … the community in question still lists me as the community moderator. About two days ago, I sent … a politely worded e-mail asking [Bob] to take my name off the userinfo page for … the community in question. I did not think that this is an unreasonable request, particularly since we broke up over five months ago.

I noticed earlier today that the userinfo pages had not been changed, and I idly wondered if my e-mail address was still listed on the community. I was pretty sure that this was not the case, since I was pretty careful to remove myself when I handed it over to [Bob] back in November, but I was curious, so I hit the password retrieval tool.

Just curious. And had I been in a similar situation as Alice, I would have done the same.

Guess that would make me stupid then …


Copyright © 1999-2024 by Sean Conner. All Rights Reserved.